OUR APPROACH TO RISK MANAGEMENT

Our Risk Management Approach and Governance

CIEL BOARD OF DIRECTORSINTERNAL AUDITORCLUSTER ARCCIEL RISK OVERSIGHT COMMITTEEGROUP HEAD OF RISKCLUSTER RISK CHAMPIONSCIEL AUDIT & RISK COMMITTEE

Managing risks and uncertainty is integral to the successful delivery of our strategic objectives and supports our desire to grow sustainable and resilient businesses.

Our Risk Management Approach and Governance

Our business model has demonstrated significant resilience over the past year, underpinned by geographical and product mix diversification, strict cost-control measures, business and operational agility and an efficient management of risks at all levels. As global uncertainty surged amidst the COVID-19 pandemic and the Russia/Ukraine conflict, it is through a structured approach that we are able to proactively respond to, mitigate and manage risks as well as embrace opportunities as they arise.

At CIEL, we identify, assess and manage risks using a group-wide top-down and bottom-up approach. The Board sets the risk appetite statement for CIEL in line with the Group’s strategic objectives, which is disseminated to our Clusters. The Audit and Risk Committee (“ARC”) under delegated authority from the Board, oversees the effectiveness of the risk management framework, including the identification of key and emerging risks CIEL faces. To support the ARC in this responsibility, underlying processes are in place, which are fully aligned with CIEL’s operating model where our Clusters are each responsible to identify, assess and manage their risks autonomously, and key functions are accountable at Group level for the ongoing tracking of identified key risks as well as changes in CIEL’s business landscape. The ARC also receives assurance from the Internal Auditor on risk management and internal control effectiveness, along with agreed mitigating actions to resolve any weaknesses identified.

CIEL’s risk governance structure is based on the three lines of defence model and is illustrated on the next page, together with the associated lines of communication. Our risk management activities and responsibilities are detailed in the subsequent sections.

Our Risk Management Process

Our risk management processes are underpinned by the Group’s Enterprise Risk Management (ERM) Policy and are embedded across all our Clusters and operations.

Risk identification and assessment are an integral part of CIEL’s risk management process and are carried out annually. A comprehensive review of the Clusters’ risk registers is performed, from which a list of the key risks faced by the Group is drawn up that considers:

(a) the top risks which repeat across at least 3 Clusters and merit elevation to Group level by virtue of their systemic nature;

(b) non-systemic risks which, based on materiality of the related Cluster or activity within the Group, merit elevation to Group level; and

(c) risks identified based on emerging trends.

Input is obtained from Group Executives and members of the ARC and ROC through a series of one-to-one interviews and workshops to produce the Group Risk Register. The likelihood of occurrence and potential impact of each risk are determined at both inherent and residual levels, the latter being arrived at after assessing the effectiveness of existing controls. The output from this process is consolidated to determine the top risks for the Group.

The top 5 risks (“Principal Risks”) which have been identified at Group level through the risk assessment process carried out during the year are detailed below.

Enhancing Our Risk Management Maturity Level

We spared no efforts in reinforcing our risk management framework during the year with concrete actions taken on various fronts:

GOVERNANCE

• Appointment of a Group Head of Risk, who is in charge of all risk related activities
• Communication of Group Risk Appetite Statement and Risk Policies to Cluster Risk Champions
• Permanent communication line between the Group Head of Risk and Cluster Risk Champions on risk matters and material incidents
• Structured quarterly meetings between the Group Head of Risk and Cluster Risk Champions to discuss material risk variations
• Revamped CIEL Risk Oversight Committee with better accountability from key Group functions in the risk management process

PROCESS

• Standard scoring methodology to ensure consistency in risk evaluation and reporting across all clusters
• Assessment and reporting of risks at inherent and residual levels, including standard methodology for assessing control effectiveness
• Tools and templates devised to standardise risk reporting across all clusters
• Defined methodology to identify and monitor risks which are systemic and material to the Group
• Participation of key Group functions in risk identification and assessment process
• Formalised incident reporting process at Group functional levels (e.g Cyber, ESG, data breach, litigation)

PEOPLE

• Clear articulation of the Group Risk function’s roles and responsbilities
• Regular risk awareness sessions with Cluster Risk Champions
• Regular interactions between Group Head of Risk and Cluster Risk Champions to assist with the design and operation of cluster risk functions

Monitoring Risk throughout the Group

Our risk management process is embedded across all the Clusters and operations. Each cluster is responsible for identifying, assessing and managing its risks autonomously, guided by the Group Risk Appetite Statement and the Group Enterprise Risk Management (ERM) Policy and framework. CIEL selects and consolidates its risks from the risks identified at cluster level which merit elevation as previously explained. Key functions are accountable at Group and cluster levels for the ongoing tracking of identified key risks and changes in CIEL’s business landscape.

CIEL BOARD

  • Sets Group Risk Appetite Statement in line with strategic objectives
  • Approves Group ERM Policy & Framework

CIEL ARC

  • Reviews adequacy of Group Risk Management & Internal Control Systems
  • Validates Group Risk Register & Heatmap
  • Reports material incidents & risk variations to Board
  • Obtains assurance from Internal Audit on internal control effectiveness and monitors remediation plans

CIEL ROC

  • Comprised of CIEL Executives & Head of Risk
  • Reviews Group Risk Register & Heatmap before ARC submission
  • Reports material incidents & risk variations to ARC
  • Monitors functional Risk Mitigation Plans
  • Disseminates CIEL risk culture across key cluster functions

GROUP HEAD OF RISK

  • Ensures operationalisation of Group’s ERM Policy & Framework
  • Builds & maintains Group Risk Register & Heatmap
  • Reports material incidents & risk variations
  • Monitors risk mitigation plans
  • Devise templates for risk assessment & reporting
  • Disseminates risk culture and risk awareness to cluster risk champions

CLUSTER RISK CHAMPIONS

  • Cluster Risk Appetite Statement
  • Cluster ERM Policy & Manual
  • Cluster Risk Register & Heatmap
  • Quarterly Cluster Risk Reports
  • Material risk variations
  • Material Incident reports

Our Risk Profile

Our top 5 risks (“Principal Risks”) together with the corresponding risk mitigating controls in place detailed below, have been identified through the risk assessment activities carried out during the year in accordance with the methodology previously outlined.

As is the case for other organisations in Mauritius and worldwide, CIEL continues to be vulnerable to external factors such as inflation, commodity price and exchange rate volatility, global supply chain disruptions, exacerbated by the COVID-19 pandemic and the Russia/Ukraine conflict. By virtue of our international presence, our performance is also highly dependent on the economic, social and political climate in the countries where we operate.

In an era of remote working and accelerated use of digital tools, cybercrime has increased significantly worldwide amidst the pandemic and the Russia/Ukraine conflict. As one of the leading groups in Mauritius with operations in sensitive sectors such as healthcare, banking and financial services, building cyber resilience is key to minimise operational disruptions, financial losses and reputational damage that may result from cyber-attacks.

Attracting and retaining the right talent has also emerged as one of the biggest challenges of organisations worldwide, particularly following massive attrition observed across several industries in the wake of the pandemic. The Group was faced with recruitment challenges, mainly in the Healthcare and Hospitality clusters due to shortages of qualified resources.

Climate change remains amongst our top 10 risks, being a widely acknowledged global emergency and a key priority for governments, businesses, and citizens around the world. Consideration of climate change and more generally Environmental, Social and Governance (ESG) risks forms part of our existing risk management processes, driven by our Sustainability Strategy 2020-2030.

The challenges brought by the pandemic, which is undoubtedly one of the most significant crisises of our times, have driven us to further strengthen our crisis mitigation plans and forge a culture of preparedness across all our operations. In today’s volatile world, our commitment is to move from a defensive risk management to a forward-looking stance based on strategic resilience, with risk management being fully embedded in major business decisions and initiatives.

Risk Heat Map

The following heat map shows CIEL’s Principal Risks as they evolve from an inherent to a residual level after application of mitigating controls in place.

1  External Shocks

2  Cyber Threat

3  Talent Retention & Recruitment

4  Compliance

5  Competition Threat

Inherent level

Residual level

Principal Risks Explained

Risks Category

Operational
Risks

Financial
Risks

Strategic
Risks

Compliance
Risks

Capital Affected

Financial
Capital

Social & Relationship Capital

Human
Capital

Manufactured
Capital

Intellectual
Capital

Natural
Capital

External Shocks
Cyber Threat
Talent Retention & Recruitment
Compliance
Competition Threat
Description
The risk that CIEL Group is unable to sustain growth due to external shocks in the economies where it operates. Or where material revenues are coming from, resulting in missed performance targets and shareholder dissatisfaction.
Contributing Factors

• COVID-19 pandemic
• Russia/Ukraine conflict
• Rising costs and inflation
• Looming recession in major economies
• Foreign exchange volatility
• Interest rate volatility
• Global supply chain disruptions
• Commodity price volatility
• Moody’s Investors Service’s rating for Mauritius downgraded to “Baa3”
• Political instability & social unrest in the countries where CIEL operates
• Trade and political tensions between US and China

Capital Impacted
Clusters Impacted
Opportunities

• Textile: With the current trade war between US and China, several high value brands are re-directing their orders to India
• Agro: World sugar price hike amidst Russia/ Ukraine conflict gives early indications of good performance for next crop season and next year’s results

Inherent Risk
Residual Risk
How We Manage The Risk?

• Cost mitigation measures across all operations
• Rationalisation of suppliers
• Managing relationship with critical suppliers
• Alternative sourcing options
• Close monitoring of forex fluctuations with hedging strategies
• Close monitoring of geopolitical situation in the countries where CIEL operates
• Regular scenario/what if analysis in management and Board discussions

Extent to which risk is mitigated: Medium
Description
The risk that CIEL Group is exposed to cyber attacks, resulting in disruptions to activities, financial losses and client dissatisfaction.
Contributing Factors

• Increase in cyber-attacks following the pandemic and the Russia/Ukraine conflict
• Increasing dependency of CIEL on technology as it continues to be infused in day-to-day operations

Capital Impacted
Clusters Impacted
How We Manage The Risk?

• Preventive, detective and responsive cybersecurity measures implemented across all operations, although with different maturity levels
• Groupwide roadmap and KPIs defined to level up security capabilities across all operations
• Annual audits on robustness of cybersecurity framework across critical operations
• Ongoing staff awareness sessions

Extent to which risk is mitigated: Low
Inherent Risk
Residual Risk
Description
The risk that CIEL Group is unable to recruit, develop and retain talent to instill appropriate behaviours and service levels, resulting in client dissatisfaction, disruption in operations and significant costs and efforts associated with replacing departed staff and training new staff.
Contributing Factors

• Change of mindset amongst working population post COVID-19 pandemic (e.g. The Great Attrition), with certain sectors experiencing above-average attrition (e.g. hospitality, healthcare)
• Poaching of competent resources by competitors
• Lack of qualified or trained resources in Mauritius (e.g. nurses, doctors) and in other countries where we operate
• Limited staff mobility opportunities across the Group. 

Capital Impacted

Clusters Impacted

Opportunities

• Intra cluster and intra Group mobility for support functions

Inherent Risk
Residual Risk
How We Manage The Risk?

• Succession plan across clusters and operations
• Strong employee retention and employee value proposition strategies across all clusters and operations (e.g. employee engagement surveys, recognition and reward schemes, professional development schemes, employee wellness and welfare programmes, flexible hours)
• Managing trade union relationships closely
• Expatriate recruitment where expertise not available locally

Extent to which risk is mitigated: High
Description
The risk that CIEL Group is unable to manage the ever-evolving regulatory and compliance requirements, resulting in fines, revocation of relevant licences and reputational damage.
Contributing Factors

• Recent wave of AML/CFT related regulations affecting particularly Finance and Property clusters
• Coming wave of ESG related regulations
• Data privacy compliance regarding sensitive information
• Entities of CIEL Group operate in multiple jurisdictions and/or sectors with different regulatory frameworks

Capital Impacted
Clusters Impacted
How We Manage The Risk?

• Recent wave of AML/CFT related regulations affecting particularly Finance and Property clusters
• Coming wave of ESG related regulations
• Data privacy compliance regarding sensitive information
• Entities of CIEL Group operate in multiple jurisdictions and/or sectors with different regulatory frameworks

Extent to which risk is mitigated: Medium
Inherent Risk
Residual Risk
Description

The risk that CIEL Group does not anticipate and respond to competitive threats or new entrants, affecting its ability to maintain and grow its market share.

Contributing Factors

• Risk of disruption from more innovative products/organisations with enhanced customer experience
• Threats of new entrants in the sectors where we operate (e.g. Healthcare)
• Highly competitive markets in the sectors where we operate (e.g. Textile, Finance, Hospitality)

Capital Impacted
Clusters Impacted
Opportunities

• Disruptive technologies such as blockchain and artificial intelligence
• Mauritius well positioned as a financial hub between Asia and Africa
• Pan African Healthcare strategy
• Yielding of Group land assets
• Agritech
• Blue economy

Inherent Risk
Residual Risk
How We Manage The Risk?

• Strategic discussions at management and board levels to analyse customer/market trends and competition
• Product innovation
• Developing unique value propositions )e.g. Smart city eco development project)
• Impact investing (e.g. Katapult Mauritius Accelerator program on regenerative food and AgriTech for regional and international start-ups targeting African markets)
• Enhancing brand value

Extent to which risk is mitigated: Medium
Download Full Section
Previous Chapter
Download Interactive Report
Next Chapter

BRAND ONLINE BY NOVA INTERACTION LTD